I have some security built into a client side program that downloads a DLL

Question

0

Asked: May 26, 20262026-05-26T09:00:51+00:00 2026-05-26T09:00:51+00:00

I have some security built into a client side program that downloads a DLL

0

I have some security built into a client side program that downloads a DLL from the web, and called a function inside that DLL. The DLL is strong-named, and the function in the DLL uses Assembly.GetCallingAssembly() to determine the calling assembly so that I can accurately get a path to the program who called it. From there we do a hash check of the assembly and verify that it is the correct one.

We have people that have gotten themselves attached in full trust mode, and are able to spoof the GetCallingAssembly call to point to the real executable, while they run a modified version of it. Is there something else other then GetCallingAssembly that I can use to get the true caller? Some callstack or something that may provide the real executable since GetCallingAssembly seems to be easily spoofed.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T09:00:51+00:00

Editorial Team

2026-05-26T09:00:51+00:00Added an answer on May 26, 2026 at 9:00 am

You can’t do this while running in full trust mode. Full trust means people can do things like spoofing. Here is a similar discusison:
reflection is possible on obfuscation

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have some security built into a client side program that downloads a DLL

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply